Crypto Wallets at Risk as Malware Slips into the App Store

Crypto wallet app displaying portfolio and price charts on iPhones.

A new malware campaign has infiltrated Apple’s App Store, putting cryptocurrency wallets at risk. Security researchers at Kaspersky identified a malicious software development kit (SDK) named SparkCat, hidden within multiple apps on both iOS and Android. The malware uses optical character recognition (OCR) technology to extract crypto wallet recovery phrases from images, allowing attackers to steal funds remotely.


This is the first documented case of crypto-stealing malware bypassing Apple’s App Store review process. While Apple has removed some infected apps, concerns remain that similar threats may still exist.


How SparkCat Operates

SparkCat scans a user’s photo gallery for wallet recovery phrases and transmits them to an attacker-controlled command-and-control (C2) server. Unlike traditional malware, which typically spreads through unofficial sources, SparkCat managed to enter legitimate app marketplaces, making it an even greater security concern.

Researchers found SparkCat in food delivery and AI-powered messaging apps, as well as apps designed to lure unsuspecting users. One of the first affected apps, ComeCome, was available in the UAE and Indonesia, but the full list of infected apps remains unknown.

Apple and Google Respond

Both Apple and Google have taken action to remove identified threats. However, researchers warn that some apps may still be available via third-party sources or sideloading. Apple has always maintained strict policies against malicious software, but this breach highlights gaps in its security screening.


The Google Play Store saw over 242,000 downloads of infected apps, raising concerns about the scope of the attack and its long-term impact on crypto users.

How to Protect Your Crypto Assets

To safeguard your digital funds, experts recommend:

  • Avoid storing wallet recovery phrases as screenshots – Malware can scan images for sensitive information.
  • Check installed apps regularly – Remove unfamiliar or unnecessary apps to minimize security risks.
  • Use a trusted mobile security app – Some apps can detect malicious activity before it becomes a problem.
  • Reset compromised wallets – If you suspect a breach, move funds to a new wallet with a fresh recovery phrase.

As malware threats continue to evolve, staying vigilant and adopting best security practices is crucial for protecting crypto assets from cybercriminals.


Sources: SecureList